The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

earned patent term adjustment. See 37 CFR 1.704(b).

1) [X] Responsive to communication(s) filed on 01/18/2000.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

6) [X] Claim(s) 1-31 is/are rejected.

DETAILED ACTION

1. Pursuant to USC 131, claims 1-31 are presented for examination.

Specification 

2. The disclosure is objected to because of the following informalities: on page 29, line 10,
reference number "814" should be --816--.

Appropriate correction is required. 

Drawings 

3. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because for 
example, in figure 6, reference characters "502" and "1102" have both been used to designate
"transparent proxy". This type of error is repeated many times throughout the application. 
Applicant is required to carefully review the application to correct such errors. 

A proposed drawing correction, corrected drawings, or amendment to the specification to 
add the reference sign(s) in the description, are required in reply to the Office action to avoid 
abandonment of the application. The objection to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or
described as set forth in section 102 of this title, if the differences between the subject matter
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

4.1 Claims 1-4, 6-7, 9-17, and 20-31 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US Patent 2002/0007317 to Callaghan et al. in view of US Patent 6,374,359
to Shrader et al.

4.2 As per claim 1, Callaghan et al. substantially teaches a method for brokering state 
information exchanged between computers using at least one protocol above a transport layer, 
the method comprising the steps of receiving at a proxy a request from a client requesting a 
resource of an origin server (page 6, paragraph 86); redirecting the client request from the proxy 
to a policy module (page 6, paragraph 86); obtaining enforcement data provided by the policy 
module (page 6, paragraph 87); generating at the proxy a policy state token in response to the 
policy enforcement data (page 6, paragraph 87); and transmitting the policy state token from the 
proxy to the client (page 6, paragraph 87). Callaghan et al. does not explicitly state obtaining at
the proxy policy enforcement data from the policy module. However, Shrader et al. in an 
analogous art teaches redirecting the client request from the proxy to a policy module (column 4, 
lines 10-65); obtaining at the proxy policy (web server) enforcement data provided by the policy 
module and generating state token from the data (column 4, lines 10-65). Therefore, it would
have been obvious to one of ordinary skill in the art at the time the invention was made to
modify the method of Callaghan et al. to obtain enforcement data at the proxy from the policy
module to create and validate authentication cookies as taught by Shrader et al. This
modification would have been obvious because one skilled in the art would have been motivated 
by the suggestions provided by Shrader et al. so as to validate the user to other server 
applications. 

As per claim 2, Callaghan et al. teaches further comprising the step of receiving at the 
proxy a renewed request for the origin server resource, the renewed request containing the policy 
state token (page 6, paragraph 87). 

As per claim 3, Callaghan et al. teaches the method of claim 2, wherein the renewed 
request contains the policy state token in a cookie in a header sent from the client to the proxy 
(page 6, paragraph 87). 

As per claim 4, Callaghan et al. teaches the step of forwarding to the origin server a 
portion of the renewed request, the forwarded portion omitting the policy state token (see page 6, 
paragraphs 88-90). Callaghan et al. further teaches in other embodiments the step of stripping 
off the state token (see page 4, paragraph 61 and page 5, paragraph 81). 

4.3 As per claim 6, Callaghan et al. teaches further comprising the steps at the proxy of
forwarding to the client at least a portion of a communication from the origin server, and 
forwarding to the origin server at least a portion of a communication from the client (page 5, 
paragraphs 81-82). 

4.4 As per claim 7, Callaghan et al. teaches the limitation of wherein HTTP is a protocol 
used during at least one of the receiving and transmitting steps (page 6, paragraph 86). 

4.5 As per claim 10, Callaghan et al. substantially teaches the claimed method of claim 1 
and further teaches the use of application programming interface. Callaghan et al. does not 
explicitly teach the LDAP application. Shrader et al. in an analogous art teaches LDAP as a 
software to provide authentication information about the client (column 4, lines 14-26). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the method of Callaghan et al. to use LDAP to authenticate the user as 
taught by Shrader et al. This modification would have been obvious because one skilled in the
art would have been motivated by the suggestions provided by Shrader et al. to provide 
authentication in the communications between the client and the server. 

4.6 Claims 9 and 11 are similar to the rejected claim 10 except for utilizing Novell 
Directory Services and SSL software respectively instead of LDAP. Shrader et al. uses LDAP 
only as an illustration but states that any other server administrative application can be 
implemented in the invention (column 4, lines 15-20 and lines 53-65). Therefore, claims 9 and 
11 are rejected on the same rationale as the rejected claim 10. These applications are known in
the art as also present in applicant's references. 



4.7 As per claim 12, Callaghan et al. teaches the limitation of wherein the obtaining step 
extracts policy enforcement data from a redirection address field (see page 6, paragraphs 86-87). 
The proxy obtains the enforcement data from a redirection field by the browser. In case of a 
policy module in a separate server, it is apparent to one skilled in the art that the proxy will
forward the redirection address field to the server. 

As per claim 13, Callaghan et al. teaches the limitation of wherein the transmitting step 
transmits the policy state token in a cookie in a header sent from the proxy to the client (page 6, 
paragraph 87). 

4.8 As per claim 14, Shrader et al. teaches a transparent proxy server (see column 5) 
comprising: a memory configured at least in part by a transparent proxy process; a processor for 
running the transparent proxy process; at least one link for networked communication between 
the transparent proxy process, on the one hand, and a client computer and an origin server, on the 
other hand. To one of ordinary skill in the art, the web server has a memory and a processor
to run the proxy process and the network can have any number of clients and servers with at least
one with the policy module as disclosed by Shrader et al.; a policy module identifier which
identifies a policy module that grants or denies authorization of proxy services. At step 56
(column 5, line 50) Shrader et al. discloses a step to check the validation of the proxy services.



Application/Control Number: 09/484,691 
Art Unit: 2133 




As per claim 15, Shrader et al. teaches a proxy server in combination with the policy 
module (column 5, lines 1-25). 

As per claim 16, Shrader et al. teaches the claimed method of claim 15, wherein the
policy module and the transparent proxy process are running on the same computer (column 5, 
lines 1-25). 

As per claim 17, Shrader et al. teaches the claimed method of claim 14, and further teaches that
the client computer is networked to a set of one or more servers. Therefore, the addition of 
another client computer in the network is obvious to one skilled in the art. 

4.9 Claim 20 adds another proxy with similar limitations as the rejected claim 14. Shrader
et al. substantially teaches the claimed method of claim 14 in combination with at least one
additional transparent proxy server which also has a memory configured at least in part by a
transparent proxy process, a processor for running the transparent proxy process, a link, and a
policy module identifier. To one of ordinary skill in the art, the network can comprise
any number of clients and servers as disclosed by Shrader et al. (column 5, lines 1-25).

As per claim 21, Shrader et al. substantially teaches the request from one proxy to 
another. Shrader et al. further mentions that at least one supports the server application. It is 
apparent to one skilled in the art that one can communicate with the other (column 5, lines 1-25). 

As per claim 22, Shrader et al. teaches that one computer can perform the handling
request in column 5. It is apparent to one skilled in the art that if two servers are combined the 
handling request can still be performed by one. 

4.10 As per claim 23, Callaghan et al. teaches a pair of state information brokering signals
embodied in a distributed computer system, the system containing a client, a transparent proxy 
server having a transparent proxy server address, and a policy module having a policy module 
address (see page 3, paragraphs 44-48), Callaghan et al. discloses in figure 1 a computer system 
with terminals that meets the recitation of signals from the computer, the pair of signals 
comprising: a first signal including a redirection command which specifies the policy module 
address as a redirection target (see page 6, paragraphs 86-87); and a second signal including a 
redirection command which specifies the transparent proxy server address as a redirection target 
and also including policy enforcement data which grants or denies authorization for the client to 
use a service of the transparent proxy server (see page 6, paragraphs 86-87). Callaghan et al. 
further discloses the address for the policy module for the user to enter data and the address of 
the proxy on the POST request. 

4.11 As per claim 24, Callaghan et al. teaches the limitation of wherein the first signal
includes an identity broker address as the policy module address (see page 6, paragraphs 86-87).

4.12 As per claim 25, Callaghan et al. teaches the limitation of wherein the first signal
includes a login server address as the policy module address (see page 6, paragraphs 86-87).

4.13 As per claim 26, Callaghan et al. teaches the limitation of wherein the second signal
includes the policy enforcement data embedded in an address field with the transparent proxy 
server address (see page 6, paragraphs 86-87). 

4.14 Claim 27 is similar to the rejected claim 1, except for incorporating the claimed method
of claim 1 into a computer medium. Callaghan et al. in view of Shrader et al. teach a computer
storage medium having configuration to perform the steps of claim 1. Therefore, claim 27 is
rejected on the same rationale as the rejected claim 1.

4.15 As per claim 28, Callaghan et al. substantially teaches a policy enforcement data that 
grants authorization for the client to access resources (page 6, paragraph 87). Callaghan et al. 
further teaches the step of generating at the transparent proxy a proxy cookie containing at least a 
portion of the policy enforcement data, and transmitting the proxy cookie from the transparent
proxy to the client (page 6, paragraphs 86-87). Callaghan et al. does not explicitly grant 
authorization for the client through the transparent proxy, credentials are sent to the appropriate 
servers. However, Shrader et al. in an analogous art teaches the step of granting authorization 
for the client through the transparent proxy (column 4, lines 10-65). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
method of Callaghan et al. to grant authorization for the client through the transparent proxy as 
taught by Shrader et al. This modification would have been obvious because one skilled in the
art would have been motivated by the suggestions provided by Shrader et al. so as to control 
authentication at the transparent proxy. 

4.16 As per claim 29, Callaghan et al. teaches the limitation of wherein the method further 
comprises the steps of accepting the proxy cookie at the transparent proxy with a renewed client 
request for the origin server resource, and forwarding the renewed client request to the origin 
server without the proxy cookie (see page 6, paragraphs 88-90). Callaghan et al. further teaches 
in other embodiments the step of stripping off the state token (see page 4, paragraph 61 and page 
5, paragraph 81). 

4.17 As per claim 30, Callaghan et al. teaches the limitation of wherein the method further
comprises the step of transparently forwarding the requested resource from the origin server to 
the client (see page 6, paragraphs 88-89). 

4.18 As per claim 31, Callaghan et al. substantially teaches the step
of generating at the proxy a policy state token in response to the policy enforcement data (page 6, 
paragraph 87); transmitting the policy state token from the proxy to the client (page 6, paragraph 
87); receiving the proxy cookie from the client with a renewed client request for the origin server 
resource (page 6, paragraph 87), and accepting the policy enforcement data (page 6, paragraphs 
88-90). Callaghan et al. does not teach using another proxy to perform the tasks. To a person 
skilled in the art it is apparent that another backup proxy will perform the same function. 
Shrader et al. in an analogous art teaches using multiple proxies that support LDAP (column 5,
lines 1-25). It is apparent that other servers are capable of doing the job when one server fails, so
receiving the first proxy cookie at a second transparent proxy is not departing from the spirit and
scope of the teaching of Shrader et al. Therefore, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to modify the method of Callaghan et
al. to include additional proxies as taught by Shrader et al. This modification would have been
obvious because one skilled in the art would have been motivated by the suggestions provided by 
Shrader et al. so as to have a reliable network. 

5. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
2002/0007317 to Callaghan et al. in view of US Patent 6,374,359 to Shrader et al. and further
in view of US Patent 5,805,803 to Birrell et al.

As per claim 5, both references substantially teach further comprising the step of 
receiving at the proxy a reply from the origin server, the reply containing an origin state token 
(page 6, paragraphs 88-90). Callaghan et al. teaches subsequent communications with the user. 
Shrader et al. also teaches subsequent communications with the browser. Neither of the
references explicitly teaches a reply containing a cookie for use by the proxy in its subsequent 
communications with the origin server. Birrell et al. in an analogous art teaches subsequent 
requests between the proxy and the server (column 2, lines 52 et seq.). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
method as combined above to use the state token instead by the proxy in its subsequent 
communications with the server without additional work by the proxy as taught by Birrell et al.
This modification would have been obvious because one skilled in the art would have been 
motivated by the suggestions provided by Birrell et al. so as to prevent additional work by the 
proxy. 

6. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent
2002/0007317 to Callaghan et al. in view of US Patent 6,374,359 to Shrader et al. and further
in view of US Patent 6,212,640 to Abdelnur et al.

As per claim 8, both references substantially teach the claimed method of claim 1 and 
further teaches the use of protocol HTTP. Neither of the references explicitly teaches the 
protocol HTTPS. Abdelnur et al. in an analogous art teaches HTTPS as a secure protocol
(column 4, lines 14-26). Therefore, it would have been obvious to one of ordinary skill in the art
at the time the invention was made to modify the method as combined above to add HTTPS
during at least one of the receiving and transmitting steps to provide means for automated
encryption/decryption as taught by Abdelnur et al. This modification would have been
obvious because one skilled in the art would have been motivated by the suggestions provided by
Abdelnur et al. to provide more authentication in the communications between the client and
the server. 

7. Claims 18-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent
2002/0007317 to Callaghan et al. in view of US Patent 6,374,359 to Shrader et al. and further
in view of US Patent 6,401,125 to Makarios et al.

7.1 As per claim 18, both references substantially teach the claimed transparent proxy server
of claim 14. Callaghan et al. teaches the step of receiving a request from the client for a 
resource of the origin server (page 6, paragraph 86), sending the client an authorization by the 
policy module for the client to use a transparent proxy service (page 6, paragraph 86), accepting 
the authorization from the client with a renewed client request for the origin server resource 
(page 6, paragraph 87). Callaghan et al. further teaches forwarding the renewed client request 
with the credentials by stripping the cookie. Neither of the references explicitly teaches 
forwarding the renewed client request to the origin server without forwarding the authorization. 
However, Makarios et al. in an analogous art teaches forwarding the renewed client request to 
the origin server without forwarding the authorization but with an indication to the origin server 
that the transparent proxy server is the source of the forwarded request, and then transparently 
forwarding the requested resource from the origin server to the client (see column 3, lines 1-10; 
column 4, lines 30-67 and column 5, lines 44-64). Therefore, it would have been obvious to one
of ordinary skill in the art at the time the invention was made to modify the steps as combined
above to forward the renewed client request without authentication as taught by Makarios et al.
This modification would have been obvious because one skilled in the art would have been 
motivated by the suggestions provided by Makarios et al. so as to maintain security and 
authentication in the proxy. 

7.2 As per claim 19, Makarios et al. teaches the limitation of wherein the transparent proxy
server sends the client the authorization by sending the client a proxy cookie for use in 
subsequent communications from the client (column 4, lines 55-67 and column 5, lines 25-50). 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. US Patent 6,389,462 Cohen et al.

This patent pertains to a method and apparatus for transparently redirecting an HTTP 
connection request that is directed to an origin server to a proxy cache. 

b. US Patent 6,182,141 Blum et al.

This patent pertains to a transparent proxy and communication between the client and the 
remote server is done through the transparent proxy by a bi-directional tunneling method. 

8.1 Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carl Colin whose telephone number is 703-305-0355. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on 703-305-9595. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding
should be directed to the receptionist whose telephone number is 703-305-3900. 



Carl Colin 

Patent Examiner

October 14, 2003 

Albert DeCady 
Primary Examiner 



